Patient Privacy Rights, joined by EPIC, ACLU, Center for Democracy & Technology, EFF and 24 other consumer privacy and public interest organizations, asked the White House’s Office of Science and Technology Policy to issue a Request for Information in order to conduct a review that incorporates the concerns and opinions of those whose data may be collected in bulk as a result of their engagement with technology.

“We believe that the public policy considerations arising from big data and privacy are issues of national concerns that ‘require the attention at the highest levels of Government.’”

The Coalition for Patient Privacy believes that the “OSTP should consider a broad range of big data privacy issues, including but not limited to:
(1) What potential harms arise from big data collection and how are these risks currently addressed?
(2) What are the legal frameworks currently governing big data, and are they adequate?
(3) How could companies and government agencies be more transparent in the use of big data, for example, by publishing algorithms?
(4) What technical measures could promote the benefits of big data while minimizing the privacy risks?
(5) What experience have other countries had trying to address the challenges of big data?
(6) What future trends concerning big data could inform the current debate?”

True, the telephony metadata that the NSA collects does not include customer names, but it’s really no trouble to figure them out.

In defending the NSA’s telephony metadata collection efforts, government officials have repeatedly resorted to one seemingly significant detail: This is just metadata—numbers dialed, lengths of calls. “There are no names, there’s no content in that database,” President Barack Obama told Charlie Rose in June.

No names; just metadata.

New research from Stanford demonstrates the silliness of that distinction. Armed with very sparse metadata, Jonathan Mayer and Patrick Mutchler found it easy—trivially so—to figure out the identity of a caller.

Mayer and Mutchler are running an experiment which works with volunteers who agree to use an Android app, MetaPhone, that allows the researchers access to their metadata. Now, using that data, Mayer and Mutchler say that it was hardly any trouble at all to figure out who the phone numbers belonged to, and they did it in just a few hours.

Companies Use Information From Data Brokers, Pharmacies, Social Networks

Some health-care companies are pulling back the curtain on medical privacy without ever accessing personal medical records, by probing readily available information from data brokers, pharmacies and social networks that offer indirect clues to an individual’s health.

Companies specializing in patient recruitment for clinical trials use hundreds of data points—from age and race to shopping habits—to identify the sick and target them with telemarketing calls and direct-mail pitches to participate in research.

“I think patients would be shocked to find out how little privacy protection they have outside of traditional health care,” says Nicolas P. Terry, professor and co-director at the Center for Law and Health at Indiana University’s law school. He adds, “Big Data essentially can operate in a HIPAA-free zone.”

FTC Commissioner Julie Brill says she is worried that nonprotected consumer data can be used to deny employment or inadvertently reveal illnesses that people want kept secret. “As Big Data algorithms become more accurate and powerful, consumers need to know a lot more about the ways in which their data is used,” Ms. Brill says.